Last week, Republican presidential candidate Donald Trump's campaign team released a plan to address "the cyber," as the candidate had promised to do in a speech he gave earlier this month.

Like most of his other policies, Trump's cybersecurity plan is frustratingly thin on details. It calls for an "immediate review of all US cyber defenses and vulnerabilities, including critical infrastructure, by a Cyber Review Team of individuals from the military, law enforcement, and the private sector."

What that would look like in practice, how much it would cost, how it would be funded, and how it would be different from what the government already does remains murky.

On the eve of the third and final presidential debate, it’s difficult to understate how little Trump has said about the Internet and digital security during the course of his campaign.

"I don't know if we know it was Russia who broke into the DNC," he said, contradicting reports from the intelligence community and the Obama administration.

"[Hillary Clinton’s] saying Russia, Russia, Russia. Maybe it was. It could also be China, it could be someone sitting on their bed that weighs 400 pounds."

The Republican presidential candidate has given hints into his thinking in interviews and statements here and there, but taken together, they don't give a clear picture of what he would do to address the nation’s domestic surveillance and foreign intelligence concerns.

While the Trump team's website has a slew of policy positions and fact sheets on various other topics listed, buried on the battleground states pages (like Ohio and North Carolina) is this two-sentence statement:

There are serious threats facing the United States and American strength is the only way to ensure peace. We must rebuild our military, reform our intelligence agencies, and prepare our government for the security challenges of cyberspace.

What exactly that means is unclear. The Trump campaign did not respond to Ars’ request for comment.

By contrast, Hillary Clinton’s website is filled with pages upon pages of policies, proposals, and speeches concerning tech. In June 2016, she released an “Initiative on Technology Innovation,” an exhaustive list of tech-related policies, ranging from cybersecurity to patent reform. Her campaign, however, also did not respond to Ars’ request for comment.

As a way to better understand how the two candidates view the encryption debate, Edward Snowden's influence, and the overall cybersecurity discussion, we thought we would examine the candidates' most notable public statements on tech issues.

Our tax dollars at work

Clinton has publicly supported the “Encryption Commission” that was advanced by two senators earlier this year, but such a commission is highly unlikely to be put forward to President Barack Obama before he leaves office in January 2017.

According to its bipartisan architects, the group would “collectively address the larger issue of protecting national security and digital security, without letting encrypted communications become a safe haven for terrorists.”

The former secretary of state seems to be of the mindset that there is some magical middle ground where strong encryption can co-exist with a way for the government to still get in.

Further Reading

“Impenetrable encryption provides significant cybersecurity advantages but may also make it harder for law enforcement and counterterrorism professionals to investigate plots and prevent future attacks," Clinton told an audience at Stanford University in March 2016. “ISIS knows this, too. At the same time, there are legitimate worries about privacy, network security, and creating new vulnerabilities that bad actors—including terrorists—can exploit.”

In December 2015, she said during a debate that there should be a “Manhattan-like project” to bust encryption when needed.

Strategist Teddy Goff seems to agree. He privately told other Clinton staffers that Clinton doesn't seem to have a strong command of encryption, according to an e-mail leaked by WikiLeaks as part of the Podesta Files.

speaking of not understanding the technology, there is a critical technical point which our current language around encryption makes plain she isn't aware of. open-source unencrypted messaging technologies are in the public domain. there is literally no way to put that genie back in the bottle. so we can try to compel a whatsapp to unencrypt, but that may only have the effect of pushing terrorists onto emergent encrypted platforms.

i do think going forward it will be helpful to be able to refer to her having pledged not to mandate a backdoor as president. but we've got to iron out the rest of the message. i actually do believe there is a way to thread the needle here, which i am happy to discuss; it requires us to quickly pivot from encryption to the broader issue of working with tech companies to detect and stop these people, and not getting into the weeds of which app they happen to use and that sort of thing.

Trump, by contrast, has not taken a public position on this Encryption Commission.

"First of all, Apple ought to give [authorities] the security to that phone," Trump told a rally in South Carolina. "What I think you ought to do is boycott Apple until they give that security number. I just thought of that—boycott Apple.”

Further Reading

Clinton hasn’t explicitly said that Snowden is a traitor, but she seems to lean in that direction. During the October 2015 Democratic debate, she said that Snowden “broke the laws of the United States” and added:

He could have been a whistleblower. He could have gotten all of the protections of being a whistleblower. He could have raised all the issues that he has raised. And I think there would have been a positive response to that.

In addition—in addition, he stole very important information that has unfortunately fallen into a lot of the wrong hands. So I don't think he should be brought home without facing the music.

Say what?

Further Reading

Given Trump’s lack of a coherent policy, it’s not surprising that Silicon Valley has largely come out in favor of Clinton, who has earned endorsements from 150 tech executives and influential actors. (Even Carly Fiorina, a former Republican candidate for president and former CEO at Hewlett-Packard, has come out in favor of Clinton.)

Gary Shapiro, the CEO of the Consumer Electronics Association, wrote in early September that Clinton is the “only candidate with a technology policy.” That said, heavy-hitting Silicon Valley investor Peter Thiel is giving $1.25 million to the Trump campaign.

Meanwhile, despite Clinton's devotion to policy, she was less adept when she set up her own private e-mail server in her house in New York. She has been roundly criticized by her opponent and by top government officials, including FBI Director James Comey, who lambasted her decision but ultimately found that it was not worthy of criminal prosecution. Since then, Clinton has apologized for keeping the private server and said she would not do it again.

"Clinton’s position is cautious, incremental, sober and boring: a cybersecurity third term for President Obama,” Stewart Baker, the former top lawyer at the National Security Agency, told the Washington Post, in August 2016. “She is proposing nothing that President Obama hasn’t already proposed.”

By contrast, he said, Trump's position is "impressionistic and focused on American decline.”

Cyrus Farivar
Cyrus is a Senior Tech Policy Reporter at Ars Technica, and is also a radio producer and author. His latest book, Habeas Data, about the legal cases over the last 50 years that have had an outsized impact on surveillance and privacy law in America, is out now from Melville House. He is based in Oakland, California. Emailcyrus.farivar@arstechnica.com//Twitter@cfarivar